Free Malware Removal Forum

Welcome to MalwareRemoval.com,What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

You may want to print this or save it to a Notepad file on your desktop, as you will not have Internet access in Safe mode.
-----------------------------------------------------------Open WinGuard ProUncheck all the boxes under Program Protections tab
Uncheck items under the Extra locks tab
click Apply, then Close-----------------------------------------------------------Set Your Computer to Show All FilesGo to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. In addition, if you have Windows XP, go to Start, Search. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.
-----------------------------------------------------------Download and install CCleaner from here.
Run CCleaner.
( Do not use the Issues block )
Click on the Options block on the left. Select Advanced.
Uncheck"Only delete files in Windows Temp folders older than 48 hours".
Click on the Cleaner block on the left. Choose the Windows tab.
Check everything ExceptCookies, Autocomplete Form History, and the Advanced part of the Menu.
Click the Run Cleaner button. This process could take a while.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
-----------------------------------------------------------Please download, install, and update the free trial version of Ewido trojan scanner: from here : http://www.ewido.net/en/download/There is an unofficial set of instructions in pdf format here : http://www.greyknight17.com/spy/Tutorials/ewidoQuickGuide.pdf * Install ewido security suite
* When installing, under "Additional Options", Uncheck "Install background guard" and Uncheck "Install scan via context menu".
* Launch ewido, there should now be an icon on your desktop. Double-click it.
* The program will go to its main screen
* On the left hand side of the main screen click Update.
* Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can also use the same download link http://www.ewido.net/en/download/ to manually update ewido.
-----------------------------------------------------------
Start Your Computer in Safe Mode.Reboot into Safe Mode by hitting the F8 key repeatedly as the machine boots, until a menu shows up. Choose Safe Mode from the list.
In some systems, this may be the F5 key, so try that if F8 doesn't work.
-----------------------------------------------------------
Close all open windows/programs/folders. Have Nothing else open while ewido performs its scan!.
It's extremely important not to open any windows while the scan is in progress.
Now Run Ewido * Click on scanner
* Click on Settings
* Under "How to scan" all boxes should be selected
* Under "Possibly unwanted software" all boxes should be selected
* Under "What to scan" select scan every file
* Click OK
* Click on Complete system scan
* Let the program scan the machine
* If ewido finds anything, it will pop up a notification.
* Let it fix whatever it finds
Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
* Click Save report
* Save the report to your desktop
* Exit ewido
When you compose your reply, paste the contents of the report into it..
-----------------------------------------------------------Retrieve the List of Installed programs Using HJTOpen HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder. In addition, the list opens in Notepad so you can also save as another name in another location if you wish. Please paste the contents into your next reply.
-----------------------------------------------------------Remove log items with HighjackThis. Start HijackThis. If the opening screen shows, choose None of the above, just start the program.
Click Scan. When the Scan is complete, Check the following entries:(Some of these lines may be missing)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.comR1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.comR1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.comO2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nseB0.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)O9 - Extra button: World Poker Exchange - {76028735-BBF1-4044-8DE2-5B90F0C7A77C} - C:\Program Files\WorldPokerExchange\GameClient.exe (file missing)O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)Make sure all other windows except HJT are closed, and Click Fix Checked.
-----------------------------------------------------------Post a New HJT LogReboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

To summarize, we are looking for the Ewido report, the Installed Programs list from HJT, and The new HJT log.

That error is from the "Safe Surfing" spyware, fussing because it's been disabled.
We'll remove the rest of it here.
-----------------------------------------------------------Please note that as long as you're using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, Peer 2 Peer file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation. Additional information on the safety of Peer to Peer Networks is here : http://www.spywareinfo.com/articles/p2p/ -(from NonSuch)
If your copy of Limewire is old, I would suggest going to Control Panel, Add/Remove Programs, and removing. It was once spyware loaded.

I would also be extremely careful of poker sites. At least one, Party Poker, is on Eric Howes' well researched spyware block list.
-----------------------------------------------------------Remove log items with HighjackThis. Start HijackThis.
Click Scan. When the Scan is complete, Check the following entries:O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\iraspmkk.dll (file missing)O4 - HKLM\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exeMake sure all other windows except HJT are closed, and Click Fix Checked.
-----------------------------------------------------------Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs. Available from http://www.javacoolsoftware.com/spywareblaster.html After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.
-----------------------------------------------------------Download and Install a HOSTS FileA Hosts file is a plain text file which prevents your computer from connecting to malware and spyware sites by redirecting the connection request to 127.0.0.1, which is your local address. If you use a proxy server, or if you are on AOL, be sure to read the special instructions.
You can download the MVPS Hosts File and see a HOSTS file tutorial here : http://www.mvps.org/winhelp2002/hosts.htmThis website also contains useful tips, and links to other resources and utilities.
-----------------------------------------------------------Install WinPatrol - Download and Install WinPatrol, and view Instructions here: http://www.winpatrol.com/winpatrol.html - WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system. It also provides selective cookie management.

If you have no further trouble, best wishes.
Otherwise, we are here.
askey127
edit:
P.S.- to complete the cleanup, it's probably best to delete those two files:C:\WINDOWS\system32\iraspmkk.dll (may be missing)C:\WINDOWS\system32\irasyncd.exeaskey127

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Who is online

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.